namespace Billing2
{
    using System;
    using System.Data;
    using System.Web.UI;

    public class HttpGetBillReport : Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            this.Response.AppendHeader("Cache-Control", "no-store");
            this.Response.AppendHeader("Cache-Control", "no-cache");
#if !DEV
            this.Response.AppendHeader("Content-Security-policy", "default-src https: data: 'unsafe-inline' 'unsafe-eval'");
#endif

            if (this.Session["SiteID"] == null)
            {
                base.Response.Redirect("default.aspx", true);
            }
            if ((base.Request.QueryString["ID"] != null) && (base.Request.QueryString["DownloadID"] != null))
            {
                Int64 ID = Convert.ToInt64(base.Request.QueryString["ID"].ToString());
                string DownloadID = base.Request.QueryString["DownloadID"].ToString();
                //DataTable dt_temp = new ClsBillReportRepository { ID = ID, DownloadID = DownloadID }.SelectByIDDownloadID();
                DataTable dt_temp = Common.db.Select(@"
                    SELECT ID
		                ,BillPeriodID
		                ,BillReportTemplateID
		                ,ReportFileName
		                ,ReportData
		                ,ContentType
		                ,IsReleased
		                ,SiteID
		                ,CostCentreID
                        ,BillCustomerID
		                ,CreatedBy
		                ,CreatedDateTime
		                ,ReleasedBy
		                ,ReleasedDateTime
		                ,DownloadID
 	                FROM BillReportRepository
 	                WHERE ID = @ID
 	                AND DownloadID = @DownloadID
                    ", ID
                     , DownloadID);
                if ((dt_temp != null) && (dt_temp.Rows.Count > 0))
                {
                    Int64 SiteID = (Int64)dt_temp.Rows[0]["SiteID"];
                    Int64 CostCentreID = (Int64)dt_temp.Rows[0]["CostCentreID"];
                    Int64 BillCustomerID = (Int64)dt_temp.Rows[0]["BillCustomerID"];

                    if (LoginUser.GroupName.ToUpper().Equals("BILLING RECIPIENT"))
                    {
                        if (BillCustomerID == 0)
                            base.Response.Redirect("default.aspx", true);

                        if(!Common.db.Exists(@"
  			                SELECT *
			                FROM BillCustomer
			                WHERE EmailTo like + '%' + @Email + '%'
				                AND ID = @ID
                            ", LoginUser.Email
                             , BillCustomerID))
                            base.Response.Redirect("default.aspx", true);
                    }

                    byte[] imagecontent = (byte[])dt_temp.Rows[0]["ReportData"];
                    base.Response.ContentType = Microsoft.Security.Application.Encoder.UrlEncode(dt_temp.Rows[0]["ContentType"].ToString());
                    base.Response.AddHeader("Content-Disposition", "attachment;filename=" + Common.EscapeHeader(dt_temp.Rows[0]["ReportFileName"].ToString()));
                    this.Context.Response.BinaryWrite(imagecontent);
                }
            }
        }

        protected override void OnInit(EventArgs e)
        {
            base.OnInit(e);
            ViewStateUserKey = Session.SessionID;
        }
    }
}